Re: [Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-03 Thread Jakub Hrozek
On Mon, Mar 02, 2015 at 09:33:04PM +, Guertin, David S. wrote: Let's separate issues. 1. Adding AD user to IPA group in AD. Did you re-login as that user on Windows side and then tried to logon to IPA server? Yes. 2. What do SSSD logs say about the login attempt? You

Re: [Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-03 Thread Guertin, David S.
Can you show us your sssd.conf? When SSSD runs on IPA master it should not use extdom (ipa_s2n_exop_send and friends) at all. Sure, here's my sssd.conf: [domain/csns.middlebury.edu] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = csns.middlebury.edu id_provider =

Re: [Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-03 Thread Guertin, David S.
Do these logs come from a client or the IPA server? Are you able to look up the user on the IPA server at least? These come from the IPA server. So no, I can't even look up the user on the server. Can you paste (sanitized) logs from the sssd_be process as well? They would be located at

Re: [Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-03 Thread Alexander Bokovoy
On Tue, 03 Mar 2015, Guertin, David S. wrote: Do these logs come from a client or the IPA server? Are you able to look up the user on the IPA server at least? These come from the IPA server. So no, I can't even look up the user on the server. Can you paste (sanitized) logs from the sssd_be

Re: [Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-03 Thread Simo Sorce
On Tue, 2015-03-03 at 17:40 +, Guertin, David S. wrote: yes, I'm quite certain this is the client. Actually, it isn't, or at least it's not supposed to be. I've only ever installed IPA on one machine, and the command I used to install it was ipa-server-install (followed by ipa

Re: [Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-03 Thread Alexander Bokovoy
On Tue, 03 Mar 2015, Guertin, David S. wrote: I gather that you are running some version of RHEL 6.x (you never stated your exact setup). What do you get with Yes, this is RHEL 6.6 wbinfo -m # wbinfo -m BUILTIN CSNS MIDD wbinfo -i 'AD\user' # wbinfo -i 'MIDD\testuser' failed to call

Re: [Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-03 Thread Guertin, David S.
I gather that you are running some version of RHEL 6.x (you never stated your exact setup). What do you get with Yes, this is RHEL 6.6 wbinfo -m # wbinfo -m BUILTIN CSNS MIDD wbinfo -i 'AD\user' # wbinfo -i 'MIDD\testuser' failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get

Re: [Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-03 Thread Jakub Hrozek
On 03 Mar 2015, at 18:40, Guertin, David S. guer...@middlebury.edu wrote: yes, I'm quite certain this is the client. Actually, it isn't, or at least it's not supposed to be. I've only ever installed IPA on one machine, and the command I used to install it was ipa-server-install

Re: [Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-03 Thread Jakub Hrozek
On Tue, Mar 03, 2015 at 07:13:24PM +0200, Alexander Bokovoy wrote: On Tue, 03 Mar 2015, Guertin, David S. wrote: Do these logs come from a client or the IPA server? Are you able to look up the user on the IPA server at least? These come from the IPA server. So no, I can't even look up the

Re: [Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-03 Thread Guertin, David S.
yes, I'm quite certain this is the client. Actually, it isn't, or at least it's not supposed to be. I've only ever installed IPA on one machine, and the command I used to install it was ipa-server-install (followed by ipa dnsconfig-mod, ipa-adtrust-install, and ipa trust-add, as described in

Re: [Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-03 Thread Alexander Bokovoy
On Tue, 03 Mar 2015, Guertin, David S. wrote: Can you show us your sssd.conf? When SSSD runs on IPA master it should not use extdom (ipa_s2n_exop_send and friends) at all. Sure, here's my sssd.conf: [domain/csns.middlebury.edu] cache_credentials = True krb5_store_password_if_offline = True

Re: [Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-02 Thread Guertin, David S.
Let's separate issues. 1. Adding AD user to IPA group in AD. Did you re-login as that user on Windows side and then tried to logon to IPA server? Yes. 2. What do SSSD logs say about the login attempt? You need to set debug_level = 10 in [domain/..], [nss] and [pam] sections of

Re: [Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-02 Thread Dmitri Pal
On 03/02/2015 04:33 PM, Guertin, David S. wrote: Let's separate issues. 1. Adding AD user to IPA group in AD. Did you re-login as that user on Windows side and then tried to logon to IPA server? Yes. 2. What do SSSD logs say about the login attempt? You need to set debug_level =

[Freeipa-users] AD trust relationship is established, but IPA cannot see AD users

2015-03-02 Thread Guertin, David S.
I'm trying to set up a trust relationship between IPA and our Active Directory environment so that our AD users can log in to our Linux machines. The two-way trust relationship appears to be set up correctly, with no errors reported, and everything looking normal in the GUI and the CLI. For